[Scspamcop] Re: setting up a spamtrap

Sofa King Tyred of Lar Ting nobody at devnull.spamcop.net
Thu Jan 3 18:56:47 EST 2008


Chris Wright wrote:
> If you want the low down on how best to set up a spam trap/honeypot,
> you'll get some great information and support over at:
> 
> http://www.projecthoneypot.org/

Thanks. PHPot is great.

I found the following paragraph at 
http://www.projecthoneypot.org/board/read.php?f=8&i=123&t=81

<quote>
If we setup an RBL that published the IPs of spam senders, a spammer 
could setup their own honey pot and scrape the email addresses it 
contains. They could then take these known spam trap addresses and use 
them to sign up for Amazon. When Amazon emailed out a confirmation 
message, we would potentially list them as a "spammer" and all the 
problems of existing RBLs would ensue. You can make RBLs work, but they 
have to be very carefully monitored by human editors. Since this isn't 
our primary line of business, we just don't have the resources to do that.
</quote>

Even in this instance, I would say that any "mass scale" polluting of 
RBLs would entail spammers using pwned machines (zombies) to initiate 
the sign-up requests. Well-run lists (or the MTAs that feed them) would 
not deal with nefarious IPs at the SMTP level, thereby not allowing 
these requests to even enter their systems. I would argue that web pages 
that accept email addresses for sign-up should also disallow the 
requests from RBL'd IPs.

http://www.cluelessmailers.org/info/listmanagement.html states:

<quote>
4) Your subscription server sends a confirmation request email to the 
submitted email address. The request message contains the same info 
stored by your server: date and time stamps for the submission, the IP 
address of the requesting computer, the name of the mailing list, the 
unique token, and the submitted address.
</quote>

Since the IP address of the requesting computer is being examined, a 
DNSBL should be applied to avoid accepting bogus sign-up requests from 
spammers exploiting these machines.

If Amazon.com complained that I DNSBL'd them because of a bogus sign-up 
request that came to my spam-trap, and in that request (step 4 above) it 
can be shown that the IP address of the requesting computer was on a 
DNSBL as a likely zombie, I'd tell Amazon.com that they need to do their 
job and make sure that spammers stop using their web pages to send me 
bogus requests.
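
The sign-up check argued for above, as an added example that is not part of the original post: the web form looks up the requesting IP in a DNSBL before any confirmation mail is sent, and only then builds the step 4 confirmation record. The zone `dnsbl.example`, the function names and the fake resolver are assumptions made for illustration.

```python
import ipaddress
import secrets
import socket
from datetime import datetime, timezone

DNSBL_ZONE = "dnsbl.example"  # assumption: placeholder zone, substitute the list you use


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the lookup name: reversed octets (IPv4) or nibbles (IPv6) plus the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def is_listed(ip, resolve=socket.gethostbyname, zone=DNSBL_ZONE):
    """True if the zone answers with a 127.0.0.0/8 address for this IP."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False  # NXDOMAIN or lookup failure: treated as not listed
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def handle_signup(email, list_name, client_ip, resolve=socket.gethostbyname):
    """Refuse sign-ups from listed IPs; otherwise return the confirmation record."""
    if is_listed(client_ip, resolve):
        return None  # nothing is mailed, so a trap address never sees a confirmation
    return {
        "submitted_at": datetime.now(timezone.utc).isoformat(),
        "requesting_ip": client_ip,
        "list": list_name,
        "token": secrets.token_urlsafe(16),
        "address": email,
    }


# Constructed sample data: a fake resolver so the example runs offline.
def fake_resolve(name):
    listed = {"2.0.0.127.dnsbl.example": "127.0.0.2"}
    if name in listed:
        return listed[name]
    raise socket.gaierror("NXDOMAIN")
```

A lookup failure is treated here as "not listed", so a DNS outage does not block legitimate subscribers; a site that prefers to fail closed would return `True` in the `except` branch instead.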

